Adding 802.1x features to a switch driver

Florian Fainelli florian.fainelli at int-evry.fr
Thu Aug 10 17:39:26 EDT 2006


Hello Stefan, Jouni,

Thank you both for your answer. You are perfectly right Stefan, you pointed 
out the limitations of the switch, anyway, this could probably done software 
by either tuning the switch driver and the hostapd wired driver.

I don't really understand why 802.1x reauthentication could not be achieved ? 
Is it because of the above limitations ? If so, could you be a little bit 
more specific ?

Thank you very much in advance for your answer.


Le jeudi 10 août 2006 11:40, Stefan Rompf a écrit :
> Am Mittwoch, 9. August 2006 14:29 schrieb Florian Fainelli:
> > First of all, thank you very much for this great software. I am planning
> > on adding 802.1x features to an existing switch driver (bcm53xx/adm6996
> > used by OpenWrt), basically, if a user is not authenticated, the port is
> > shut down.
> >
> > Is there anything I should look for, be aware of ? Is there an example
> > somewhere ? How far can I be inspired by the wired driver ?
>
> The adm6996 used by WRT54 is a six port switch. AFAIR this chip does not
> allow limiting traffic to ethernet types, but is able to use VLANs. The
> WRT54 CPU has an internal ethernet port that is connected to one of the
> switch ports and receives tagged VLANs.
>
> From a first glance, you will need to put the external ports into separate
> VLANs in unauthenticated state, handle EAPOL processing there and
> reconfigure the ports into the shared vLAN after success. 802.1x
> reauthentication may be unavailable in this setup.
>
> Stefan

-- 
Cordialement, Florian Fainelli
---------------------------------------------
5, rue Charles Fourier
Chambre 1511
91011 Evry
http://www.alphacore.net
(+33) 01 60 76 64 86
(+33) 06 09 02 64 95
---------------------------------------------
Association MiNET
http://www.minet.net
---------------------------------------------
Institut National des Télécommunications
http://www.int-evry.fr/telecomint
---------------------------------------------
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.shmoo.com/pipermail/hostap/attachments/20060810/9dce720d/attachment.pgp 


More information about the HostAP mailing list